pulumi-azure-kotlin/com.pulumi.azure.authorization.kotlin/RoleDefinitionArgs

RoleDefinitionArgs

data class RoleDefinitionArgs(val assignableScopes: Output<List<String>>? = null, val description: Output<String>? = null, val name: Output<String>? = null, val permissions: Output<List<RoleDefinitionPermissionArgs>>? = null, val roleDefinitionId: Output<String>? = null, val scope: Output<String>? = null) : ConvertibleToJava<RoleDefinitionArgs>

Manages a custom Role Definition, used to assign Roles to Users/Principals. See 'Understand role definitions' in the Azure documentation for more details.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.CoreFunctions;
import com.pulumi.azure.core.inputs.GetSubscriptionArgs;
import com.pulumi.azure.authorization.RoleDefinition;
import com.pulumi.azure.authorization.RoleDefinitionArgs;
import com.pulumi.azure.authorization.inputs.RoleDefinitionPermissionArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        final var primary = CoreFunctions.getSubscription();
        var example = new RoleDefinition("example", RoleDefinitionArgs.builder()
            .scope(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .description("This is a custom role created")
            .permissions(RoleDefinitionPermissionArgs.builder()
                .actions("*")
                .notActions()
                .build())
            .assignableScopes(primary.applyValue(getSubscriptionResult -> getSubscriptionResult.id()))
            .build());
    }
}

Import

Role Definitions can be imported using the resource id, e.g.

$ pulumi import azure:authorization/roleDefinition:RoleDefinition example "/subscriptions/00000000-0000-0000-0000-000000000000/providers/Microsoft.Authorization/roleDefinitions/00000000-0000-0000-0000-000000000000|/subscriptions/00000000-0000-0000-0000-000000000000"

Constructors

RoleDefinitionArgs

fun RoleDefinitionArgs(assignableScopes: Output<List<String>>? = null, description: Output<String>? = null, name: Output<String>? = null, permissions: Output<List<RoleDefinitionPermissionArgs>>? = null, roleDefinitionId: Output<String>? = null, scope: Output<String>? = null)

Functions

toJava

open override fun toJava(): RoleDefinitionArgs

Properties

assignableScopes

val assignableScopes: Output<List<String>>? = null

One or more assignable scopes for this Role Definition, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM.

description

val description: Output<String>? = null

A description of the Role Definition.

name

val name: Output<String>? = null

The name of the Role Definition.

permissions

val permissions: Output<List<RoleDefinitionPermissionArgs>>? = null

A permissions block as defined below.

roleDefinitionId

val roleDefinitionId: Output<String>? = null

A unique UUID/GUID which identifies this role - one will be generated if not specified. Changing this forces a new resource to be created.

scope

val scope: Output<String>? = null

The scope at which the Role Definition applies to, such as /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333, /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup, or /subscriptions/0b1f6471-1bf0-4dda-aec3-111122223333/resourceGroups/myGroup/providers/Microsoft.Compute/virtualMachines/myVM. It is recommended to use the first entry of the assignable_scopes. Changing this forces a new resource to be created.